Tag Archives: var-username

Anonymous Announces #OpSilence, Month-Long Attacks on Mainstream Media

Members of the Ghost Squad Hackers team, one of most active Anonymous sub-divisions, have carried out DDoS attacks on CNN and FOX News as part of a new hacktivism campaign. Called OpSilence, the campaign’s goal is to attack all mainstream media that fails to report on the Palestine war or the true crimes happening in Syria, one of the hackers told Mic. #OpSilence will take place during the entire month of June 2016 The operation will be run similarly to #OpIcarus , a month-long series of attacks that took place in the month of May against various banks around the world. Any hacktivism group is welcomed to join, and the campaign comes on the heels of OpIcarus, which just ended yesterday. Ghost Squad Hackers didn’t wait for June to start to begin their attacks, and they’ve already hit the email servers of FOX News and CNN. The group has been changing tactics lately, switching from DDoSing public websites to attacking mail servers, as they did most recently against the Bank of England. Other hackers have taken a pro-Palestine stance before Taking a pro-Palestine stance isn’t something strange for hackers, many others supporting this cause as well. The previous group that did so was CWA (Crackas With Attitude), whose hacked targets include CIA Director John Brennan’s personal AOL email account, FBI Deputy Director Mark Giuliano, US National Intelligence Director James Clapper, and President Barack Obama’s Senior Advisor on science and technology John Holdren. The group is also responsible for hacking the JABS US national arrests database. They also leaked details for 2,400 US government officials, 80 Miami police officers, 9,000 DHS employees, and 20,000 FBI staffers. Back in February, the group’s leader, a sixteen-year-old boy, was arrested in East Midlands, England. Source: http://news.softpedia.com/news/anonymous-announces-opsilence-month-long-attacks-on-mainstream-media-504760.shtml

See the article here:
Anonymous Announces #OpSilence, Month-Long Attacks on Mainstream Media

DDoS Attacks via TFTP Protocol Become a Reality After Research Goes Public

Almost three months after researchers from the Edinburgh Napier University published a study on how to carry out reflection DDoS attacks by abusing TFTP servers, Akamai is now warning of real-life attacks. Akamai SIRT, the company’s security team, says its engineers detected at least ten DDoS attacks since April 20, 2016, during which crooks abused Internet-exposed TFTP servers to reflect traffic and send it tenfolds towards their targets, in a tactic that’s called a “reflection” (or “amplification”) DDoS attack. The crooks sent a small number of packets to TFTP servers, which contained various flaws in the protocol implementation, and then sent it back multiplied to their targets. The multiplication factor for TFTP DDoS attacks is 60, well above the regular average for reflection DDoS attacks, which is between 2 and 10. First instances of TFTP reflection DDoS attacks fail to impress Akamai says the attacks they detected employing TFTP servers were part of multi-vector DDoS attacks, during which crooks mixed different DDoS-vulnerable protocols together, in order to confuse their target’s IT department and make it harder to mitigate. Because the attack wasn’t pure, it never reached huge statistical measurements. Akamai reports the peak bandwidth was 1.2 Gbps and the peak packet volume was 176,400 packets per second. These are considered low values for DDoS attacks, but enough to consume the target’s bandwidth. Akamai SIRT says they’ve seen a weaponized version of the TFTP attack script circulating online as soon as the Napier University study was released. The crooks seem to have misconfigured the attack script The attack script is simple and takes user input values such as the victim’s IP, the attacked port, a list of IP addresses from vulnerable, Internet-available TFTP servers, the packet per second rate limit, the number of threads, and the time the script should run. In the attacks it detected, Akamai says the crooks ignored to set the attacked port value, and their script send out traffic to random ports on the target’s server. Back in March, Napier University researchers said they’ve found over 599,600 publicly open servers that had port 69 (TFTP) open. Akamai warns organizations to secure their TFTP servers by placing these servers behind a firewall. Since the 25-year-old TFTP protocol doesn’t support modern authentication methods, there is no good reason to have these types of servers exposed to the Internet. Source: http://news.softpedia.com/news/ddos-attacks-via-tftp-protocol-become-a-reality-after-research-goes-public-504713.shtml#ixzz4AH801pER

More:
DDoS Attacks via TFTP Protocol Become a Reality After Research Goes Public

UK-Based Llyod’s Bank Sees Decrease in Cyberattacks

Swimming against the torrent of relentless headlines highlighting the lack of cybersecurity among banks, government agencies, and popular websites, the Lloyds Banking Group has seen an 80-90% drop in cyberattacks. The reason? “Enhanced” cybersecurity measures. While banks around the world begin to accept the uncomfortable reality wherein a $81 million cyber-heist is entirely plausible whilst relying on the global banking platform (SWIFT), one UK-based bank has seen a drop in cyber-attacks. UK-based Llyods Banking Group has seen a drop of between 80% to 90%, even though there has been an increase in cyberattacks targeting the UK this year. The revelation was made by Miguel-Ángel Rodríguez-Sola, the group director for digital, marketing & customer development. One of the most common attack vectors remain Distributed Denial of Service (DDoS) attacks. “There had been an increase in the UK in terms of cyber attacks between June and February this year,” Rodríguez-Sola stated. He added “However, over the last two months, I have had five-times less than at the end of last year.” Speaking to the Telegraph , he claimed a greater collaborative effort with law enforcement agencies. More notably, he spoke about the enabling of additional layers of cyber-defenses, without going into specifics. In statements, he said: We needed to re-plan our digital development to make sure that we put in new defences, more layers. [The number of cyberattacks] is now one-fifth or one-tenth of what it was last year. The news of a decrease in cyberattacks faced by the banking group comes during a time when a third bank was recently revealed to be a victim of the same banking group which was involved in a staggering $81 million dollar heist involving the Bangladesh Central Bank. Increasing reports of other member banks of the SWIFT network falling prey to cyberheists has spurred SWIFT to issue a statement, urging banks to report cybercrimes targeting member banks. Source: https://hacked.com/uk-based-llyods-bank-sees-decrease-cyberattacks/

View article:
UK-Based Llyod’s Bank Sees Decrease in Cyberattacks

Anonymous is 2016’s top trending hacktivist group

Anonymous emerges as the leader in 2016’s Trending Hacktivist Groups Anonymous continued to remain at the top in the top trending hacktivist group, says SurfWatch Labs based on the data collected on threat intelligence and social media hype. The hacktivist group was followed by Turk Hack Team (THT), New World Hacking (NWO), and Ghost Squad Hackers. In comparison to other years, the data shows that hacktivism has decelerated and lost its impetus but still has managed to cause enough damages to gather mainstream media attention. The government agencies were hit the most by hacktivism campaigns says the security firm with the most publicity having been created around the now-notorious COMELEC hack by Anonymous Philippines and Lulzsec Philippines, during which information for around 50 million Filipino voters were disclosed. Other than this incident, at the start of the year, the hacktivist groups created a lot of attention to their causes via the massive DDoS attack on BBC, the DDoS attacks on Donald Trump’s websites part of #OpTrump, the DDoS attacks on the Bank of Greece part of #OpIcarus, and the ones on Nissan part of #OpKillingBay. The Bank of Cyprus, the pulling down of ISIS Twitter profiles followed by the Belgium attacks, and the leak of data from NASA’s internal network were some of the other small hacktivism incidents that also managed to garner a lot of attention to causes and the groups behind them. During the first months of 2016, the top five hacktivism campaigns were #OpTrump, #OpKilling Bay, #OpWhales, #OpIsrael, and #OpAfrica. Since #OpIcarus was supposed to last for the entire month of May, it was not included in the list. However, the campaign is sure to become a support in Anonymous’ standard operations. Former big names such as the Syrian Electronic Army (SEA) and Lizard Squad seem to have disappeared with no or little activity from its members, points out SurfWatch Labs in its report. Looks like the SEA group members are perhaps busy avoiding getting arrested considering that the US has filed former charges against members of the group. Source: http://www.techworm.net/2016/05/anonymous-2016s-top-trending-hacktivist-group.html

See the original article here:
Anonymous is 2016’s top trending hacktivist group

Major DNS provider hit by mysterious, focused DDoS attack

Attack on NS1 sends 50 million to 60 million lookup packets per second. Unknown attackers have been directing an ever-changing army of bots in a distributed denial of service (DDoS) attack against NS1, a major DNS and traffic management provider, for over a week. While the company has essentially shunted off much of the attack traffic, NS1 experienced some interruptions in service early last week. And the attackers have also gone after partners of NS1, interrupting service to the company’s website and other services not tied to the DNS and traffic-management platform. While it’s clear that the attack is targeting NS1 in particular and not one of the company’s customers, there’s no indication of who is behind the attacks or why they are being carried out. NS1 CEO Kris Beevers told Ars that the attacks were yet another escalation of a trend that has been plaguing DNS and content delivery network providers since February of this year. “This varies from the painful-but-boring DDoS attacks we’ve seen,” he said in a phone interview. “We’d seen reflection attacks [also known as DNS amplification attacks] increasing in volumes, as had a few content delivery networks we’ve talked to, some of whom are our customers.” In February and March, Beevers said, “we saw an alarming rise in the scale and frequency of these attacks—the norm was to get them in the sub-10 gigabit-per-second range, but we started to see five to six per week in the 20 gigabit range. We also started to see in our network—and other friends in the CDN space saw as well—a lot of probing activity,” attacks testing for weak spots in NS1’s infrastructure in different regions. But the new attacks have been entirely different. The sources of the attacks shifted over the week, cycling between bots (likely running on compromised systems) in eastern Europe, Russia, China, and the United States. And the volume of the attacks increased to the 30Gbps to 50Gbps range. While the attacks rank in the “medium” range in total volume, and are not nearly as large as previous huge amplification attacks, they were tailored specifically to degrading the response of NS1’s DNS structure. Rather than dumping raw data on NS1’s servers with amplification attacks—where an attacker sends spoofed DNS requests to open DNS servers that will result in large blocks of data being sent in the direction of the target—the attackers sent programmatically generated DNS lookup requests to NS1’s name servers, sometimes at rates of 50 million to 60 million packets per second. The packets looked superficially like genuine requests, but they were for resolution of host names that don’t actually exist on NS1’s customers’ networks. NS1 has shunted off most of the attack traffic by performing upstream filtering of the traffic, using behavior-based rules that differentiate the attacker’s requests from actual DNS lookups. Beevers wouldn’t go into detail about how that was being done out of concern that the attackers would adapt their methods to overcome the filtering. But the attacks have also revealed a problem for customers of the major infrastructure providers in the DNS-based traffic management space. While the DNS specification has largely gone unchanged since it was created from a client perspective, NS1 and other providers have carried out a lot of proprietary modification of how DNS works behind the scenes, making it more difficult to use multiple DNS providers for redundancy. “We’ve moved a bit away from the interoperable nature of DNS,” Beevers said. “You can’t slave one DNS service to another anymore. You’re not seeing DNS zone transfers, because features and functionality of the [DNS provider] networks have diverged so much that you can’t transfer that over the zone transfer mechanism.” To overcome that issue, Beevers said, “people are pulling tools in-house to translate configurations from one provider to another—that did work very well for some of our customers [in shifting DNS during the attack].” NS1, like some of its competitors, also provides a service that allows customers to run the company’s DNS technology on dedicated networks. “so if our network gets hit by a big DDoS attack, they can still have access.” Fixing the interoperability problem will become more urgent as attacks like the most recent one become more commonplace. But Beevers said that it’s not likely that the problem will be solved by a common specification for moving DNS management data. “DNS has not evolved since the ’80s, because there’s a spec,” he said. “But I do believe there’s room for collaboration. DNS is done by mostly four or five companies— this is one of those cases where we have a real opportunity because community is small enough and because the traffic management that everyone uses needs a level of interoperability.” As companies with big online presences push for better ways to build multi-vendor and multi-network DNS systems to protect themselves from outages caused by these kinds of attacks, he said, the DNS and content delivery network community is going to have to respond. Source: http://arstechnica.com/information-technology/2016/05/major-dns-provider-hit-by-mysterious-focused-ddos-attack/

Visit site:
Major DNS provider hit by mysterious, focused DDoS attack

DDoS-for-Hire Services Go Up on Fiverr for 5 Bucks

In a new wrinkle in cybercriminal business modeling, distributed denial of service (DDoS)-for-hire services are being offered on the popular website Fiverr—where, as its name suggests, various professional services are offered for $5. According to Imperva, DDoS-for-hire services are a widespread business for hackers, typically billing themselves as “stressor” services to “help test the resilience of your own server.” In reality, they’re renting out access to a network of enslaved botnet devices, (e.g., Trojan-infected PCs), which are used as a platform to launch DDoS attacks. And once a user hands over his money, the criminals don’t care whose servers are ‘stress tested.’ A year ago, Imperva’s survey of the 20 most common stressor services showed that the average price was $38 per hour, and went as low as $19. Recently, the SecureWorks Underground Hacker Marketplace Report showed that, on the bottom end, the cost of hiring such a service on the Russian underground dropped to just five dollars per hour. “The price tag made us think of Fiverr—a trendy online marketplace where various professional services are offered for five bucks?” Incapsula researchers said, in a blog. “Would DDoS dealers have the audacity to use this platform to push their wares? A quick site search confirmed that, in fact, they would.” Imperva reached out to see if the Fiverr offers were the innocent stress testers they claimed to be. “To do so, we created an account on Fiverr and asked each of the stressor providers the following question: Regarding the stress test, does the site have to be my own?” the researchers noted. “Most had the good sense to ignore our message. One suggested that we talk on Skype.” In the end, an offering with a skull and bones image that offered to “massive DDoS attack your website” responded, saying: “Honestly, you [can] test any site. Except government state websites, hospitals.” Imperva quickly contacted Fiverr to let them know about the misuse of their service—they responded and acted to remove the providers. “Fiverr’s decisive action should serve as an example to an online community that, by and large, has accepted the existence of illegal stressors as a fact of life,” the researchers noted. Source: http://www.infosecurity-magazine.com/news/ddosforhire-services-go-up-on/

More:
DDoS-for-Hire Services Go Up on Fiverr for 5 Bucks

Devices Infected With New Ransomware Versions Will Execute DDoS Attacks

A combination of Ransomware and DDoS attacks is heralding a new wave of cyber attacks against consumers and enterprises around the world. Security experts are concerned this may become a standard practice going forward; this is not good news by any means. Ransomware And DDoS Is A Potent Mix Over the past few years, ransomware attacks have become the norm rather than an exception. But the people responsible for these attack continue to improve their skills, and infected machines will now start executing distributed denial of service attacks as well. Not only will users not be able to access their files, but the device will also become part of a botnet attacking other computers and networks around the world. KnowBe4 CEO Stu Sjouwerman stated: “ Adding DDoS capabilities to ransomware is one of those ‘evil genius’ ideas. Renting out DDoS botnets on the Dark Web is a very lucrative business, even if prices have gone down in recent years. You can expect [bundling] it to become a fast-growing trend.” One of the first types of ransomware to embrace this new approach is Cerber, a Bitcoin malware strain which has been wreaking havoc for quite some time now. Attacks have been using “weaponized” Office documents to deliver malware to computers, which would then turn into a member of a botnet to DDoS other networks. While some people see this change as a logical evolution of ransomware attacks, this is a worrying trend, to say the least. Assailants can come up with new ways to monetize their ransomware attacks, even if the victim decides not to pay the fee. As long as the device is infected, it can be used to execute these DDoS attacks, which is a service worth the money to the right [wrong] people. A recent FireEye report shows how the number of Bitcoin ransomware attacks will exceed 2015 at the rate things are going right now. Now that DDoS capabilities are being added to the mix, it is not unlikely the number of infections will increase exponentially over the next few months. Moreover, removing the ransomware itself is no guarantee computer systems will not be used for DDoS purposes in the future, and only time will tell if both threats can be eliminated at the same time. Source: http://themerkle.com/devices-infected-with-new-ransomware-versions-will-execute-ddos-attacks/

View post:
Devices Infected With New Ransomware Versions Will Execute DDoS Attacks

Japanese teens DDoS attack takes out 444 school websites

A Japanese teenager was charged on May 11 for allegedly launching a DDoS attack against the Osaka Board of Education, which shut down 444 school websites. The 16-year-old faces obstruction of business charges for the attack, which was carried out last November, and marked the first time in Japan’s history that a cyber attack was launched against a local government, according to Japan Today. The teen said he launched the attack to remind his teachers “of their own incompetence,” according to the publication. The student reportedly told police he wanted to join the hacking collective Anonymous and that he didn’t know that schools other than his own would be impacted. He faces up to three years in prison and a 500,000 yen fine. Source: http://www.scmagazine.com/japanese-teen-launches-massive-ddos-attack-to-remind-teachers-they-are-incompetent/article/496756/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SCMagazineHome+%28SC+Magazine%29

View article:
Japanese teens DDoS attack takes out 444 school websites

Anonymous teams up with GhostSquad to attack major banks

Anonymous has joined forces with GhostSquad to launch successful cyberattacks on eight international banks that were forced to shut down their websites. The hacktivist collective alongside the hacker group GhostSquad have launched a new operation called Op Icarus which aims to punish corrupt banks and individuals in the financial sector. So far the Central Bank of the Dominican Republic, the Guernsey Financial Services Commission, the Central Bank of Maldives and the Dutch Central Bank were all offline for a brief period on May 6 after being hit with distributed denial of service (DDoS) attacks. A day later, the National Bank of Panama and the Central Bank of Kenya were hit with cyberattacks, followed by the Central Bank of Bosnia and Herzegovina and the Central Bank of Mexico were taken offline as a result of DDoS attacks. All eight of the international banks that have been targeted by Op Icarus have managed to bring their systems back online. Anonymous did send a warning to the banking community in the form of a video that was posted on May 4 which said: “We will not let the banks win, we will be attacking the banks with one of the most massive attacks ever seen in the history of Anonymous”. Members of the group also reportedly told the site Hack Read that: “The National Bank of Panama was a special target considering the importance of the Panama leaks. We want to make sure the corrupt elite named in the papers would be punished one day”. With the addition of the cyberattack against the Central Bank of Greece and the Central Bank of Cyprus, Anonymous has now launched 10 attacks on international banks on its list of 160 potential banks that could be targeted by its members. Anonymous has planned Op Icarus to be a month long campaign against the banking industry as a whole. The US Federal Reserve Bank, the IMF, the World Bank, the New York Stock Exchange and the Bank of England are all listed by the group as potential targets and with more than half of the campaigns’ allotted time remaining, this will most likely not be the group’s grand finale. Source: http://betanews.com/2016/05/12/anonymous-op-icarus/

See the original post:
Anonymous teams up with GhostSquad to attack major banks

Protect your apache server from WordPress Pingback DDoS attacks

A security researcher at SANS Technology Institute put out an advisory around 8 months ago when he discovered that WordPress’s “pingback” functionality contains an exploit allowing it to request a result from any server that an attacker wishes. This vulnerability means that there are thousands of WordPress installations that can be effectively weaponized to conduct floods against any target site of someone’s desire. This particular attack is dangerous because many servers can be overwhelmed with only 200 blogs “pingbacking” their site, clogging up their limited connections and/or resources. To confirm if you are under wordpress pingback ddos attack, check your access logs. $ sudo tail -f /var/log/apache2/access.log Logs will look like this: 74.86.132.186 – – [09/Mar/2014:11:05:27 -0400] “GET /?4137049=6431829 HTTP/1.0? 403 0 “-” “ WordPress /3.8; http://www.mtbgearreview.com” 143.95.250.71 – – [09/Mar/2014:11:05:27 -0400] “GET /?4758117=5073922 HTTP/1.0? 403 0 “-” “ WordPress /4.4; http://i-cttech.net” 217.160.253.21 – – [09/Mar/2014:11:05:27 -0400] “GET /?7190851=6824134 HTTP/1.0? 403 0 “-” “ WordPress /3.8.1; http://www.intoxzone.fr” 193.197.34.216 – – [09/Mar/2014:11:05:27 -0400] “GET /?3162504=9747583 HTTP/1.0? 403 0 “-” “ WordPress /2.9.2; http://www.verwaltungmodern.de” To block wordpress pingback attack in Apache use this configuration. $ sudo nano /etc/apache2/apache2.conf Options -Indexes AllowOverride All Require all granted BrowserMatchNoCase WordPress wordpress_ping BrowserMatchNoCase WordPress wordpress_ping Order Deny,Allow Deny from env=wordpress_ping Source: https://sherwinrobles.blogspot.ca/2016/05/protect-your-apache-server-wordpress.html

See original article:
Protect your apache server from WordPress Pingback DDoS attacks